Workplace hit by cryptolocker virus

One of our users at work was hit with Zepto last Wednesday.

The bad news is two-fold... firstly, the ~400GB of local data has all been encrypted, and secondly, their most recent backup of this was.... March.

It's great when everyone stores everything on the network, but when an average user has 400-2000GB of data, and 'demanding' users have orders of magnitude larger, local data really is their only option.

However, they know this, and a failure to maintain regular backups is their own fault.

Time to start teaching people the need for air-gapped backups methinks!
 
This thread has highlighted a ton of work for me to get done. On our own server I've just realised how dodgy my backup situation is. Backups go to two NASs mapped to the server = Bad.

I think the best short term solution is to unmap the NAS Share and lock the share credentials to a unique Login used only by Veeam. Only Veeam will have access to the share.

Most of my Customers still use Tape for archiving, but use NASs for system restore snapshots. I'll have to do this for them too. A useful if scary thread.

Nate
 

What you need is offline copies and a way to keep them isolated if you need to recover from them - i.e. mounting read only, taking a copy to work from, etc.
 
Yep, you're completely correct. In some cases I have clients with off-site cloud backup. Clients are in general reluctant to pay for that, however. What I can do immediately, tomorrow, is limit access as much as possible for the on-site infrastructure.

Longer term I'll need to rethink backups for those not using tape.

Nate
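Nate's plan above (share credentials held only by the backup account, offline copies kept isolated) stops the backup being encrypted in place. The other way a backup is lost is quieter: the scheduled job runs on time and faithfully copies an already-encrypted tree over the last good one. The Python below is an added example, not anything posted in the thread and not Veeam's own tooling. It records a manifest at the last good run and, before the next run, refuses to proceed if more than a small fraction of the tree has turned into ransom-suffixed or high-entropy files. The `.zepto` and `.odin` suffixes come from the thread; the 5% ratio, the 7.5 bits/byte entropy threshold and the compressed-format whitelist are assumptions you would tune to your own data.

```python
"""Pre-backup sanity gate (added example): before a job overwrites the last
good copy, compare the live tree with the manifest recorded at the previous
good backup and abort if the source looks like it has been encrypted."""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Suffixes appended by the Locky-family variants named in the thread.
RANSOM_SUFFIXES = {".zepto", ".odin"}
# Formats that are compressed or encrypted by design and legitimately high-entropy.
COMPRESSED_SUFFIXES = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png",
                       ".mp4", ".docx", ".xlsx", ".pdf"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext is near 8.0, prose around 4-5 (assumed cut-off)
SAMPLE_BYTES = 64 * 1024  # judge entropy on the head of the file only


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Relative POSIX path -> sha256 of content, recorded at the last known-good backup."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def looks_encrypted(path: Path) -> bool:
    """Ransom suffix, or high-entropy content in a format that should not be."""
    suffix = path.suffix.lower()
    if suffix in RANSOM_SUFFIXES:
        return True
    if suffix in COMPRESSED_SUFFIXES:
        return False  # high entropy is expected here; do not count it
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(SAMPLE_BYTES)) > ENTROPY_THRESHOLD


def assess_tree(root: Path, manifest: dict, max_ratio: float = 0.05) -> dict:
    """Flag new or rewritten files that look encrypted and block the job when
    the affected share of the tree exceeds max_ratio. Unchanged files (same
    hash as the manifest) are never read for entropy."""
    suspicious = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if rel in manifest and hashlib.sha256(p.read_bytes()).hexdigest() == manifest[rel]:
            continue  # unchanged since the good backup
        if looks_encrypted(p):
            suspicious.append(rel)
    ratio = len(suspicious) / max(len(manifest), 1)
    return {"suspicious": sorted(suspicious), "ratio": ratio, "block_backup": ratio > max_ratio}


def demo() -> tuple:
    """Constructed scenario: 20 plain-text reports, a manifest, then a Zepto-style
    run that deletes six originals and writes random-named .zepto ciphertext.
    A genuine new archive is added too, to show it is not counted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Finance").mkdir()
        for i in range(20):
            (root / "Finance" / f"report_{i:02d}.txt").write_text(
                f"Quarterly figures, line item {i}\n" * 40)
        manifest = build_manifest(root)
        clean = assess_tree(root, manifest)
        for i in range(6):  # simulated ransomware: original gone, ciphertext under a random name
            (root / "Finance" / f"report_{i:02d}.txt").unlink()
            (root / "Finance" / (os.urandom(8).hex().upper() + ".zepto")).write_bytes(os.urandom(4096))
        (root / "Finance" / "archive.zip").write_bytes(os.urandom(4096))  # legitimate, high-entropy
        infected = assess_tree(root, manifest)
    return clean, infected


if __name__ == "__main__":
    before, after = demo()
    print("clean tree blocked:", before["block_backup"])
    print("infected tree blocked:", after["block_backup"], "-", len(after["suspicious"]), "files flagged")
```

The gate belongs on the backup host, run against the source immediately before the job, and a block should page someone rather than silently skip the run. The whitelist is what keeps a user dropping a folder of photos from tripping it; the ratio is what keeps one odd file from tripping it either way.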
 
4 times in a year? Without sounding rude, your workforce are either clueless or idiots. You would have thought after the first one people would know not to click on iffy-looking links from iffy-looking emails, or is that just me?
Lol, not rude mate, accurate! We have some of the dumbest ** Do not circumvent to swear filter - EVH ** that you can imagine.
I keep petitioning to lockdown the spam filters even further, but get met with concerns of important emails not getting through or business slowing down.
It's hard when the board of directors are like those adult babies off the Haribo adverts... so they empathise with the low-paid dufus that actually clicks to open an infected PDF.
Can't flipping win. :rolleyes:
 

Got the same trouble. We're down to 250GB of storage so I've been using TreeSize to see where it's all gone (and as there are no more free slots in the server I can't even easily increase the storage). So I find that the manager of one of the offices has got a copy of every job he's done. And then within the same folder an "archive" of the same thing. So that's two copies. Except every job he's done is also (correctly) in the client folders so there's THREE copies of the same thing (plus the backups).

So that was 50GB recovered straight away. Except I suspect, going by his comments, he's just moved it to a local drive on his laptop. So if he's prepared to do that, wonder what else is on there.
 
Surprise, surprise, guess what I've come into this morning.

.odin cryptolocker

Which looks like it's a virus about a week old, a new variant of Locky. Pretty impressive really that our users are this stupid.
 

Can you tell which machine it was introduced on and then slap that person around the face?
 
How much do they want :p

Too many bitcoins. :D :D


Can you tell which machine it was introduced on and then slap that person around the face?


Apparently she got a bit upset and nearly started to cry when she was told what she had done.

The email was basically a blank email: no subject, just an Excel attachment with 'Sent from my iPhone' in the body, from a completely random sender. She opened the attachment and thought enabling the macros and running them would be a good idea. :o :o
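The question above, which machine it came in on, is answerable from the file server rather than from interviews, because the encrypted copies on a share are written by the infected user's account from the infected host. The Python below is an added example, not something posted in the thread. It works over a constructed audit export whose columns loosely follow the fields of Windows Security event 5145 (time, account, client address, target name, access requested); the format, account names and addresses are made up for the example, and a real export would need its own parser. It finds the first account and host to write a ransom-suffixed file, measures how fast that account was encrypting, and doubles as a simple burst rule you could run continuously: any account writing several `.odin`/`.zepto` files inside a minute is a machine to pull off the network. The suffixes come from the thread; the 60-second window and threshold of three are assumptions.

```python
"""Share-audit triage (added example): locate the account and host that first
wrote ransomware-renamed files, and flag bursts of such writes as they happen."""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

RANSOM_SUFFIXES = (".zepto", ".odin")        # suffixes named in the thread
WRITE_ACCESSES = {"WriteData", "AppendData"}  # assumed access-name vocabulary

# Constructed sample, not a real export. Columns: time, event id, account,
# client source address, relative target name, access requested.
SAMPLE_AUDIT = """\
2016-09-28T08:40:55,5145,CORP\\jsmith,10.0.5.23,Finance\\Q3\\budget.xlsx,ReadData
2016-09-28T08:41:02,5145,CORP\\jsmith,10.0.5.23,Finance\\Q3\\7F3A9C2B.odin,WriteData
2016-09-28T08:41:02,5145,CORP\\jsmith,10.0.5.23,Finance\\Q3\\budget.xlsx,Delete
2016-09-28T08:41:05,5145,CORP\\jsmith,10.0.5.23,Finance\\Q3\\0C1D2E3F.odin,WriteData
2016-09-28T08:41:09,5145,CORP\\jsmith,10.0.5.23,Finance\\Q3\\A1B2C3D4.odin,WriteData
2016-09-28T08:41:14,5145,CORP\\jsmith,10.0.5.23,Finance\\Q3\\9E8D7C6B.odin,WriteData
2016-09-28T08:41:20,5145,CORP\\jsmith,10.0.5.23,Finance\\forecast\\5A4B3C2D.odin,WriteData
2016-09-28T08:42:30,5145,CORP\\mjones,10.0.5.41,Sales\\pipeline.docx,ReadData
2016-09-28T08:43:12,5145,CORP\\mjones,10.0.5.41,Sales\\pipeline.docx,WriteData
2016-09-28T08:55:47,5145,CORP\\svc_veeam,10.0.5.10,Backups\\job01.vbk,WriteData
"""


def parse_events(text: str) -> list:
    """Parse the constructed CSV into dicts; malformed rows are skipped."""
    events = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != 6:
            continue
        ts, event_id, account, src, target, access = rec
        events.append({"time": datetime.fromisoformat(ts), "event_id": event_id,
                       "account": account, "src": src, "target": target, "access": access})
    return events


def is_ransom_write(ev: dict) -> bool:
    return ev["access"] in WRITE_ACCESSES and ev["target"].lower().endswith(RANSOM_SUFFIXES)


def patient_zero(events: list):
    """First account/host to write a ransom-suffixed file, with spread statistics
    for that account. Returns None if no such write is present."""
    hits = sorted((e for e in events if is_ransom_write(e)), key=lambda e: e["time"])
    if not hits:
        return None
    first = hits[0]
    mine = [e for e in hits if e["account"] == first["account"]]
    span_seconds = max((mine[-1]["time"] - mine[0]["time"]).total_seconds(), 1.0)
    return {
        "account": first["account"],
        "source_ip": first["src"],
        "first_seen": first["time"].isoformat(),
        "encrypted_files": len(mine),
        "files_per_minute": len(mine) / (span_seconds / 60.0),
        "hosts": sorted({e["src"] for e in mine}),
    }


def burst_alerts(events: list, window: timedelta = timedelta(seconds=60), threshold: int = 3) -> dict:
    """Detection rule: account -> time of the first write in the first window
    that contains at least `threshold` ransom-suffixed writes."""
    by_account = defaultdict(list)
    for e in events:
        if is_ransom_write(e):
            by_account[e["account"]].append(e["time"])
    flagged = {}
    for account, times in by_account.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[account] = times[start].isoformat()
                break
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_AUDIT)
    print("patient zero:", patient_zero(evs))
    print("burst alerts:", burst_alerts(evs))
```

The same extension match is what a file-screen on the server (or the NAS's own filter, where it has one) would use to refuse the writes outright; the burst rule is the fallback for variants whose suffix you have not seen yet, and it only works if object-access auditing on the share is actually switched on before the incident.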
 

Women and technology simply don't mix.
 